From 357998ddbdeb2fae0a30c578e747154fec22c180 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Thu, 18 Mar 2004 19:22:51 +0000 Subject: Password lockout for LDAP backend. Caches autolock flag, bad count, and bad time locally, updating the directory only for hitting the policy limit or resetting. This needed to be done at the passdb level rather than auth, because some of the functions need to be supported from tools such as pdbedit. It was done at the LDAP backend level instead of generically after discussion, because of the complexity of inserting it at a higher level. The login cache read/write/delete is outside of the ldap backend, so it could easily be called by other backends. tdbsam won't call it for obvious reasons, and authors of other backends need to decide if they want to implement it. (This used to be commit 2a679cbc87a2a9111e9e6cdebbb62dec0ab3a0c0) --- source3/include/passdb.h | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/include/passdb.h') diff --git a/source3/include/passdb.h b/source3/include/passdb.h index 9eab46bbff..75c4fd215b 100644 --- a/source3/include/passdb.h +++ b/source3/include/passdb.h @@ -125,6 +125,15 @@ enum pdb_value_state { #define IS_SAM_SET(x, flag) (pdb_get_init_flags(x, flag) == PDB_SET) #define IS_SAM_CHANGED(x, flag) (pdb_get_init_flags(x, flag) == PDB_CHANGED) #define IS_SAM_DEFAULT(x, flag) (pdb_get_init_flags(x, flag) == PDB_DEFAULT) + +/* cache for bad password lockout data, to be used on replicated SAMs */ +typedef struct logon_cache_struct +{ + time_t entry_timestamp; + uint16 acct_ctrl; + uint16 bad_password_count; + time_t bad_password_time; +} LOGIN_CACHE; typedef struct sam_passwd { -- cgit